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What is claimed is: 

CLAIMS 

1. A communication session management method for providing a 
5 transmission service having a plurality of service-levels, each service-level being 

associated with a separate quality-of-service (QOS), the method comprising: 

preparing data for transmission at one of the plurality of service-levels 
by uniquely associating a service-level encryption key with said one of the plurality 
of service-levels; 

10 encrypting said data with said service-level encryption key to form 

encrypted data uniquely associated with said one of the plurality of service-levels; 
and 

transmitting said encrypted data uniquely associated with said one of 
the plurality of service-levels to users entitled to said one of the plurality of service- 
15 levels. 

2. A method according to claim 1 and also comprising the step of: 
distributing to the users entitled to said one of the plurality of service 

levels decryption key derivation information for decrypting said encrypted data. 

20 

3. A method according to claim 2 and wherein said decryption key 
derivation information is comprised in an entitlement control message (ECM). 

4. A method according to claim 1 and wherein said plurality of service- 
25 levels are hierarchical according to a QOS hierarchy. 

5. A method according to claim 4 and wherein each one of the plurality 
of service-levels includes an indication of at least one of the following: a data 
transmission bandwidth; a number of users that may concurrently connect to the 

30 transmission service; a set of transmission applications served; a type of downgrade 
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support to a service-level lower in the QOS hierarchy; a type of disconnect-on-idle 
operation; and a determination of a Web server to connect to. 

6. A method according to claim 1 and also comprising the steps of: 

5 determining that conmiunication load at said one of the plurality of 

service-levels exceeds a threshold; and 

downgrading to an available service-level that is lower in the QOS 
hierarchy than said one of the plurality of service-levels. 

10 7. A method according to claim 6 and wherein said downgrading step is 

supported in one of the following modes: an automatic mode; and a mode in which 
downgrade is made upon confirmation of a user. 

8. A method according to claim 6 and wherein said downgrading step 
15 comprises: 

identifying the available service-level that is lower in the QOS 
hierarchy than said one of the plurality of service-levels; 

encrypting said data with an encryption key uniquely associated with 
said available service-level that is lower in the QOS hierarchy than said one of the 
20 plurality of service-levels to form encrypted data uniquely associated with said 
service-level that is lower in the QOS hierarchy; and 

transmitting said encrypted data uniquely associated with said service- 
level that is lower in the QOS hierarchy to users entitled to said one of the plurality 
of service-levels. 

25 

9. A method according to claim 1 and wherein the transmission service 
comprises at least one of the following: a unicast transmission; and a multicast 
transmission. 

30 10. A method according to claim 1 and wherein said users comprise at 

least one of the following: individual users; and users of an Intranet. 
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11. A method according to claim 1 and wherein said encrypting step is 

performed in the PID layer. 

5 12. A method according to claim 1 and also comprising the step of 

enabling the users entitled to said one of the plurality of service-levels to decrypt 
said encrypted data according to service-level entitlements of the users. 

13. A method according to claim 1 and wherein said data comprises at 

10 least one of the following: any type of computerized data; video information; audio 
information; and multimedia. 

^0 

3 

i=y 14. A method according to claim 13 and wherein said data comprises on- 

j;^ demand data, 

i 15 

:s 15. A system at a headend for providing a transmission service having a 

plurality of service-levels, each service-level being associated with a separate 
: quality-of-service (QOS), the system comprising: 

ry 

C3 a management unit for preparing data for transmission at one of the 

20 plurality of service-levels by uniquely associating a service-level encryption key 
with said one of the plurality of service-levels; 

an encryptor operatively associated with said management unit and 
operative to encrypt said data with said service-level encryption key to form 
encrypted data uniquely associated with said one of the plurality of service-levels; 
25 and 

a transmitter unit operatively associated with said management unit 
and said encryptor and operative to transmit said encrypted data uniquely associated 
with said one of the plurality of service-levels to users entitled to said one of the 
plurality of service-levels, 

30 



3 



• « 

16. A system according to claim 15 and wherein said data comprises at 
least one of the following: any type of computerized data; video information; audio 
information; and multimedia. 

17. A system according to claim 16 and wherein said data comprises on- 
demand data. 

18. A system according to claim 15 and wherein each one of the plurality 
of service-levels includes an indication of at least one of the following: a data 
transmission bandwidth; a number of users that may concurrently connect to the 
transmission service; a set of transmission applications served; a type of downgrade 
support to a service-level lower in the QOS hierarchy; a type of disconnect-on-idle 
operation; and a determination of a Web server to connect to. 



